Problem setting up Nordvpn on asus RT-ac86u merlin [Noob]

[Robson]

Tried setting up Nordvpn on my roter using this guide https://support.nordvpn.com/Connectivity/Router/1047410642/AsusWRT-Merlin-setup-with-NordVPN.htm
It works for a while and then suddenly I lose internet.
If I set "connect to dns server automatically" to yes usually internet comes back but I lose my VPN.
Could someone take a look on my setting and let me know if anything is wrong from there?

Thanks

 

[Viktor Jaep]

Tried setting up Nordvpn on my roter using this guide https://support.nordvpn.com/Connectivity/Router/1047410642/AsusWRT-Merlin-setup-with-NordVPN.htm
It works for a while and then suddenly I lose internet.
If I set "connect to dns server automatically" to yes usually internet comes back but I lose my VPN.
Could someone take a look on my setting and let me know if anything is wrong from there?

Thanks

You may want to change your "Connection Retry Attempts" from 15 to 0 (infinite). Perhaps it's giving up after 15 chances. Also, what do you have under your "custom configuration" settings? I've provided some screenshots of my setup under this thread:

VPNMON - VPNMON-R2 v2.0 -Jul 10, 2022- Monitor your VPN connection's Health (New: AMTM, Fastest Connection Switching + Nord/SurfShark/PerfectPrivacy) (#1)

v2.0 - Now with even more SuperRandom(tm) goodness!! Updated July 10 2022 Executive Summary: VPNMON-R2 v2.0 (VPNMON-R2.SH) is an all-in-one script that works for any VPN service of your choice, but is optimized for NordVPN, SurfShark VPN and Perfect Privacy VPN services. It can also compliment...

www.snbforums.com

 

[ColinTaylor]

Don't use the NordVPN DNS servers on your WAN settings. Use your "normal" DNS server selection, e.g. your ISP's servers or something like 9.9.9.9.

 

[Robson]

You may want to change your "Connection Retry Attempts" from 15 to 0 (infinite). Perhaps it's giving up after 15 chances. Also, what do you have under your "custom configuration" settings? I've provided some screenshots of my setup under this thread:

VPNMON - VPNMON-R2 v2.0 -Jul 10, 2022- Monitor your VPN connection's Health (New: AMTM, Fastest Connection Switching + Nord/SurfShark/PerfectPrivacy) (#1)

v2.0 - Now with even more SuperRandom(tm) goodness!! Updated July 10 2022 Executive Summary: VPNMON-R2 v2.0 (VPNMON-R2.SH) is an all-in-one script that works for any VPN service of your choice, but is optimized for NordVPN, SurfShark VPN and Perfect Privacy VPN services. It can also compliment...

www.snbforums.com

Thanks I will try it! I´ll take a look at your thread first thing tomorrow. getting late here

this is my c.c :

remote-cert-tls server
remote-random
nobind
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
persist-key
persist-tun
ping-timer-rem
reneg-sec 3600

#log /tmp/vpn.log

 

[Robson]

Don't use the NordVPN DNS servers on your WAN settings. Use your "normal" DNS server selection, e.g. your ISP's servers or something like 9.9.9.9.

Thanks for your reply
I changed dns to cloudfare 1.1.1.1 and 1.0.0.1
going to give it a try

 

[Viktor Jaep]

Thanks I will try it! I´ll take a look at your thread first thing tomorrow. getting late here

this is my c.c :

remote-cert-tls server
remote-random
nobind
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
persist-key
persist-tun
ping-timer-rem
reneg-sec 3600

#log /tmp/vpn.log

Give this one a shot... it does seem to help with speed and stability:

remote-random
resolv-retry infinite
remote-cert-tls server
ping 15
ping-restart 0
ping-timer-rem
persist-key
persist-tun
reneg-sec 0
fast-io
disable-occ
mute-replay-warnings
auth-nocache
sndbuf 524288
rcvbuf 524288
push "sndbuf 524288"
push "rcvbuf 524288"
pull-filter ignore "auth-token"
pull-filter ignore "ifconfig-ipv6"
pull-filter ignore "route-ipv6"
explicit-exit-notify 3
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450

 

[Robson]

Give this one a shot... it does seem to help with speed and stability:

remote-random
resolv-retry infinite
remote-cert-tls server
ping 15
ping-restart 0
ping-timer-rem
persist-key
persist-tun
reneg-sec 0
fast-io
disable-occ
mute-replay-warnings
auth-nocache
sndbuf 524288
rcvbuf 524288
push "sndbuf 524288"
push "rcvbuf 524288"
pull-filter ignore "auth-token"
pull-filter ignore "ifconfig-ipv6"
pull-filter ignore "route-ipv6"
explicit-exit-notify 3
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450

I´ve been using your custom code for a couple of hours now. So far so good !
I´ll report back in a couple days and let you know how it went/goes.
Thanks for taking the time helping me out!

 

[Viktor Jaep]

I´ve been using your custom code for a couple of hours now. So far so good !
I´ll report back in a couple days and let you know how it went/goes.
Thanks for taking the time helping me out!

Absolutely... I think @ColinTaylor's suggestion was probably the fix, but every little tweak helps in the overall scheme of things.

 

[NB_8]

Don't use the NordVPN DNS servers on your WAN settings. Use your "normal" DNS server selection, e.g. your ISP's servers or something like 9.9.9.9.

Would you mind sharing your reasoning regarding this?

 

[Viktor Jaep]

Would you mind sharing your reasoning regarding this?

Many times, VPN providers' DNS servers are meant to be accessed only while connected through their VPN, and may not even be usable or visible to the general public. So if you reference them in your WAN connection, you're basically making a public connection to them without accessing them through an encrypted tunnel, and may not be usable... thus breaking your ability to resolve anything, and hobbling your ability to function across the WAN.

 

[ColinTaylor]

Would you mind sharing your reasoning regarding this?

In addition to @Viktor Jaep's post, the OP was using policy rules to redirect only one device through the VPN. The VPN provider instructions assume all devices are going through the VPN and the customer wants all these devices to use their DNS servers.

 

[Dimmie]

Do not use 386.7_2 or 386.7, it will not work stable with nordvpn. Esspecially the dns is buggy when using VPN (stops working). Use 386.5_2 on the ac86u and the also the dns servers of nordvpn will just work fine.

 

[RMerlin]

Do not use 386.7_2 or 386.7, it will not work stable with nordvpn. Esspecially the dns is buggy when using VPN (stops working). Use 386.5_2 on the ac86u and the also the dns servers of nordvpn will just work fine.

I use NordVPN for my tests. I had a NordVPN tunnel running non-stop for multiple weeks on my RT-AC68U without any connectivity issue.

 

[Viktor Jaep]

Do not use 386.7_2 or 386.7, it will not work stable with nordvpn. Esspecially the dns is buggy when using VPN (stops working). Use 386.5_2 on the ac86u and the also the dns servers of nordvpn will just work fine.

Agreeing completely with @RMerlin ... I've been running NordVPN non-stop on both 386.7 and 386.7_2 (and waaaayyyy before these versions)... zero issues with the firmware, or with dns. I'm not sure what @Dimmie is referring to, but feel free to ignore this advice completely. He is most likely experiencing issues due to vpn client configuration problems or custom vpn config options. <sigh>